angular-jwt is vulnerable to authorization bypasses. The library’s whitelist entries are treated as regular expressions, meaning that the "." separator will match any character. This allows a malicious user to set up a domain name that bypasses the whitelist filter: e.g. if the entry is example.entry.io, a malicious user can set up a domain such as exampleXentry.io to bypass the filter.
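
The matching behaviour described above, next to a literal comparison, as an added example that is not angular-jwt's own code. The function names are hypothetical, the hostnames are constructed from the advisory's example, and the anchoring of the pattern is an assumption made to isolate the "." behaviour.

```javascript
// Added illustration. Function names are hypothetical, not angular-jwt's API;
// hostnames are constructed from the advisory's own example.

// Weak form: each string entry is compiled as a regular expression, so "."
// matches any character. Anchored here to isolate the "." behaviour (assumption).
function isWhitelistedLoose(whitelist, hostname) {
  return whitelist.some((entry) => {
    const re = entry instanceof RegExp ? entry : new RegExp('^' + entry + '$', 'i');
    return re.test(hostname);
  });
}

// Hardened form: string entries are compared literally (case-insensitive);
// only entries supplied as RegExp objects are evaluated as patterns.
function isWhitelistedStrict(whitelist, hostname) {
  const host = hostname.toLowerCase();
  return whitelist.some((entry) =>
    entry instanceof RegExp ? entry.test(hostname) : entry.toLowerCase() === host
  );
}

// Review helper: hostnames that pass only because of regex interpretation.
function acceptedOnlyByRegex(whitelist, hostnames) {
  return hostnames.filter(
    (h) => isWhitelistedLoose(whitelist, h) && !isWhitelistedStrict(whitelist, h)
  );
}

// Constructed sample data.
const whitelist = ['example.entry.io'];
const observed = ['example.entry.io', 'EXAMPLE.ENTRY.IO', 'exampleXentry.io', 'other.io'];

console.log(acceptedOnlyByRegex(whitelist, observed));
```

Running the helper over hostnames taken from request logs shows which destinations were accepted only because a string entry was read as a pattern.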